<html>
<body>
<?php
if (isset($_REQUEST['x'])) {
    $x = $_REQUEST['x'];
    echo "<h1>Choose New Pdf from your PC</h1>";
    echo "<form action='Admin_E_pdf.php?x=$x' method='post'
     enctype='multipart/form-data'>";

    echo "<label for='file'>New pdf:</label>";
    echo "<input type='file' name='file2' id='file'><br>";
    echo "<input type='submit' name='submit' value='Submit'>";
    echo "</form>";
}
if (isset($_POST['submit'])) {
    require ("connection.php");
    
    $x = $_REQUEST['x'];
    if ($_FILES["file2"]["error"] > 0) {
        echo "Error: " . $_FILES["file2"]["error"] . "<br>";
    } else {
        $allowedExts2 = array("pdf");
    }
    $temp2 = explode(".", $_FILES["file2"]["name"]);
    $extension2 = end($temp2);

    if (($_FILES["file2"]["type"] == "application/pdf") && ($_FILES["file2"]["size"] <
        2000000) && in_array($extension2, $allowedExts2)) {
        $path2 = "upload/" . $_FILES["file2"]["name"];
        move_uploaded_file($_FILES["file2"]["tmp_name"], $path2);
    } else { ?> <script>alert("You can't upload this file.\nOnly files with extensions [ pdf ] are allowed."); 
                          window.history.back(); </script> <?php }
    $squery = "select * from Magazine where Magazine_id=$x";
    $cmd=mysql_query($squery);
    $data=mysql_fetch_array($cmd);
    $dquery = "DELETE FROM Magazine WHERE Magazine_id=$x";
    mysql_query($dquery);
    mysql_query("INSERT INTO `Magazine` (`Magazine_id`,`Magazine_name`,`Magazine_ptime`,`Magazine_cphoto`,`Magazine_pdf`) VALUES ('$data[Magazine_id]','$data[Magazine_name]','$data[Magazine_ptime]','$data[Magazine_cphoto]','$path2')");
    header("Location: Admin_Magazine.php");
}
?>
</body>
</html>